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WHAT IS CLAIMED 15: 

1 . A system for providing a service to a packet 
based network, the service applying classifications that 
use arbitrary combinations of extracted packet header 

5 information, the system comprising: 

a processor having instructions to extract 
predetermined header information from a packet and 
further having instructions to perform table look-ups 
;^ with the header information; 

10 a first data structure that provides a longest match 

jr value for processor table look-ups; 

y: a second data structure that provides a first match 

W 

iJI value for processor table look-ups of combinations of 

longest match values, the first match value determining a 
15 classification for the packet. 

2 . The system of Claim 1 further comprising a data 
structure modifier operable to dynamically update the 
tree data structures to create a new packet 
classification . 

3 . The system of Claim 2 wherein the new packet 
classification relies on the predetermined header 
information to avoid changes to the processor program. 

25 

4 . The system of Claim 1 wherein the first data 
structure comprises a pattern tree. 




5. The system of Claim 1 wherein the second data 
3 0 structure comprises a ordered virtual tree. 
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6. The system of Claim 1 wherein the processor 
instructions comprise a parse tree that extracts header 
field values. 

7 . The system of Claim 6 wherein the parse tree 
comprises plural nodes and plural branches, the nodes 
representing packet fields and the branches representing 
values for the packet fields. 

8. The system of Claim 6 wherein the leaf nodes of 
the parse tree comprise the table look-up instructions. 

9. The system of Claim 6 wherein the header field 
values comprise one or more of Internet Protocol source 
address and destination address. 

10. The system of Claim 6 wherein the header field 
values comprise one or more of Transfer Control Protocol 
source port and destination port. 

11. The system of Claim 1 wherein the processor 
comprises pattern processor. 

12 . The system of Claim 11 further comprising a 

25 route/switch processor in communication with the pattern 
processor and operable to modify, shape and route the 
packet according to the classification. 
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13 . A method for classifying packets transmitted 
across a network, the method comprising: 

selecting predetermined packet field values from the 
packets ; 

5 classifying the packets by matching one or more 

packet field values with a data structure; and 

dynamically creating a new packet classification by 
modifying the data structure to associate one or more of 
the predetermined packet field values with the new packet 
10 classification. 

14. The method of Claim 13 wherein selecting 
predetermined packet field values comprises extracting 
packet field values from packet headers with a pattern 

15 processor having a program. 

15. The method of Claim 14 wherein dynamically 
creating a new packet classification further comprises 
modifying the data structure and leaving the pattern 

2 0 processor program fixed. 

16. The method of Claim 15 wherein the pattern 
processor program comprises a parse tree having plural 
nodes including a leaf node, the method further 

25 comprising: 

calling a function at the leaf node, the function 
performing table look-ups from the data structures to 
determine a packet classification. 
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17. The method of Claim 16 wherein performing table 
look-ups comprises: 

looking up a longest match for packet header values ; 

and 

looking-up a first match for combinations of the 
longest match table look-up results. 

18 . The method of Claim 13 wherein the data 
structure comprises an ordered virtual tree. 

19. The method of Claim 13 wherein the data 
structure comprises a pattern tree. 
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20. A system for classifying packets comprising: 
a network processor having programmably fixed 

instructions that select values from predetermined packet 
fields ; 

5 a data structure that associates one or more packet 

field values with a classification; and 

a data structure modifier interfaced with the data 
structure and operable to modify the data structure to 
define one or more classifications, each classification 
10 associated with one or more packet field values. 

21. The system of Claim 2 0 wherein the programmably 
fixed instructions comprise a parse tree having plural 
nodes . 

15 

22. The system of Claim 2 0 wherein the data 
structure comprises: 

a pattern tree that determines a longest match for a 
packet field value; and 
2 0 an ordered virtual tree that determines a first 

match for a combination of longest matches. 
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